SS7 Attacks and Potential Breaches in Telecommunication Leading to Chaos.The Ukraine case.

Recent revelations have made it clear that SS7 breaches can occur, thanks to the vulnerabilities of such a set of protocols for telecom. Hackers can take advantage of these threats, like they have done in the past, as German researchers warn. The example of Ukraine and Russia highlights the danger crawling towards countries wishing to shield their privacy.

SS7 is a set of protocols used in telecommunications universally ever since the late 1970s, enabling smooth transportation of data without any breaches. Nevertheless, there has been some really troubling news as to the potential cracks in the security of using such protocols in telecommunication brought to light.

In specific, there are several techniques that hackers and snoopers can make use of, in order to eavesdrop and intercept phone calls or written text messages. German researchers have placed the matter to the public for consideration at the Chaos Communication Hacker Congress, since there can be a great many problems emerging.

What is even more disturbing is the fact that carriers of mobile telephony spend large amounts of money towards expanding their network and securing the conditions of communication with 3G and high-end encryption. To quote Tobias Engel, one of the German researchers mentioned above,

“It’s like you secure the front door of the house, but the back door is wide open”.

One of the major incidents registered by NKRZI (which is the National Commission for the State Regulation of Communications and Informatization in Ukraine) involved Russian addresses back in April 2014.

To be more particular, there was a report indicating that quite many Ukrainian holders of mobile phones have been affected by notorious SS7 packets that possibly derived from Russia. As a result, the mobile phone holders were intercepted of their address details and (even scarier) everything that was stored inside each phone. MTS Ukraine obviously participated in the interception, in relation to MTS Russia.

As a direct consequence of security breaches related to SS7 protocols of telecommunication, the eminent threat is none other than the surveillance taking place between different countries.

In avoidance of further weaknesses in the field of telecom, there will be those countries seeking to come up with their own capabilities and this will result in chaos. Even if some try to minimize the effect of SS7 breaches, the problem still remains among the hottest issues in the agenda worldwide. It is true that there needs to be substantial expertise for someone to access SS7 and to proceed with using such data to his benefit.

According to the security firm AdaptiveMobile that has published an analysis on the recent events with the revelations on SS7 problems with Russia and Ukraine, this is indeed an uncharted territory and the danger of intercepting data through SS7 is existent.

Of course, the bright side to the whole grey situation is that it takes technical skills to gain access to the network. Not all the people who try to succeed in monitoring SS7 networks will in fact have positive feedback. Along with that, the proper cooperation of experts aiming at securing the lines will result in the danger being limited.

Author Bio:Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57

Share On

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.